summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-05-16 16:16:09 +0200
committerChristian Poessinger <christian@poessinger.com>2020-05-16 18:25:58 +0200
commit6f349ee3b4d3da731ca22a70db6650848a0c28d9 (patch)
tree77c978c153f3bf0fc6ed2165de8dae4030d3709a /scripts
parentd7662ecfff558192a5b5009679108ca58c8518fa (diff)
downloadvyos-1x-6f349ee3b4d3da731ca22a70db6650848a0c28d9.tar.gz
vyos-1x-6f349ee3b4d3da731ca22a70db6650848a0c28d9.zip
nat: T2198: use Jinja2 macro for common ruleset for SNAT and DNAT
By using a Jinja2 macro the same template code can be used to create both source and destination NAT rules with only minor changes introduced by e.g. the used chain (POSTROUTING vs PREROUTING). Used the following configuration for testing on two systems with VyOS 1.2 and the old implementation vs the new one here. set nat destination rule 15 description 'foo-10' set nat destination rule 15 destination address '1.1.1.1' set nat destination rule 15 inbound-interface 'eth0.202' set nat destination rule 15 protocol 'tcp_udp' set nat destination rule 15 translation address '192.0.2.10' set nat destination rule 15 translation port '3389' set nat destination rule 20 description 'foo-20' set nat destination rule 20 destination address '2.2.2.2' set nat destination rule 20 destination port '22' set nat destination rule 20 inbound-interface 'eth0.201' set nat destination rule 20 protocol 'tcp' set nat destination rule 20 translation address '192.0.2.10' set nat source rule 100 outbound-interface 'eth0.202' set nat source rule 100 protocol 'all' set nat source rule 100 source address '192.0.2.0/26' set nat source rule 100 translation address 'masquerade' set nat source rule 110 outbound-interface 'eth0.202' set nat source rule 110 protocol 'tcp' set nat source rule 110 source address '192.0.2.0/26' set nat source rule 110 source port '5556' set nat source rule 110 translation address 'masquerade' set nat source rule 120 outbound-interface 'eth0.202' set nat source rule 120 protocol 'tcp_udp' set nat source rule 120 source address '192.0.3.0/26' set nat source rule 120 translation address '2.2.2.2'
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions